The Challenge
An investor services company faced pressure to meet the requirements of the new Digital Operational Resilience Act (DORA) within the required timeline and recognized that it needed expert help to achieve this. The company also sought guidance to help it tackle the complexities of the DORA regulatory technical standards (RTS) requirements.
With the new regulation close to coming into force, a key criterion for the company’s chosen provider was timeliness. The other was cost, to ensure that the support it needed would meet all its requirements while aligning with its budgetary constraints.
Because DORA is a cross-functional program, another obstacle for the company was that it lacked an internal specialist team to address the many interconnected elements involved. The business required a DORA compliance partner capable of understanding and adapting to these limitations and creating an appropriate plan.
Alongside these challenges, the firm also needed to ensure alignment with the information security standard ISO 27001, so it required a provider with relevant expertise in this area.
Kroll’s Solution
The company selected Kroll as its DORA compliance partner, based on a previously established working relationship covering several projects, such as a major transformation project for the company’s internal risk and compliance function. As a result, the company knew that Kroll already had a good understanding of its risk context and its particular complexities and challenges.
Kroll completed a DORA maturity assessment, which covered five core areas of operational resilience, incorporating the specific requirements of DORA and the RTS, and aligning with the maturity of the client’s information and communications technology, business continuity and vendor management frameworks.
Following this step, Kroll assessed the company’s operational resilience framework, highlighted its weaknesses against the DORA requirements and best practices, provided a quantitative measure of its compliance status and prioritized the areas needing attention in the roadmap to operational resilience. These actions brought several benefits to the business:
- A clearer understanding of the likely impact of DORA and the RTS, helping to validate and challenge its existing approach.
- An implementation roadmap to align its DORA compliance with its internal risk and compliance function transformation initiative. The roadmap was delivered as a milestone-based report for senior stakeholders, with a supporting action tracker tool for effective project management. Kroll ensured flexibility and sensitivity in how this information was communicated to the company board, to demonstrate how key requirements in an already mature program would be successfully addressed.
- Ongoing assistance and access to expert resources to implement the required changes ahead of the final date for DORA implementation.
"Kroll worked with us as a partner, ensuring that its process and outcomes aligned with our unique maturity and circumstances and tailoring our DORA compliance roadmap accordingly. Kroll’s support meant that we were well placed to meet the DORA compliance deadline while reducing the pressure on our in-house resources as much as possible."
– Group Chief Information Security Officer
The Impact
- Key DORA Compliance Gaps Identified
The company gained full insight into its preparedness through Kroll’s quantitative measurement of its DORA compliance status. This involved validating and challenging its current approach and highlighting key weaknesses through a gap assessment of its operational resilience against DORA and the RTS.
- A Structured Path to DORA Compliance
Kroll delivered a comprehensive roadmap to enable the company’s progression toward DORA compliance, including priority tasks and time frames, and an action tracker with recommended owners, to enable effective project management.
- Expert-Informed DORA Compliance Services
The company benefited from services developed by Kroll’s team of regulatory experts, including those involved in the preparatory consultation work that led to DORA, as well as former Financial Conduct Authority, Securities and Exchange Commission and Autorité des Marchés Financiers regulators.
- Proprietary DORA Resources
Along with the direct support from Kroll’s expert team, the company gained immediate value from Kroll’s 50+ DORA-tailored policies and procedures templates.